802.11i support in IBSS mode

Ambedkar R ambedkar_r
Tue Nov 27 21:21:31 PST 2007


Hi Nicholas,

It was very nice to see that you are trying to bring up high security in IBSS mode.In your mail you mentioned that we have only WEP authentication in IBSS mode,but many companies already implemented WPA-Personal in IBSS[Jouni if i am wrong please correct me regarding WPA-Personal in IBSS implementation]

And my concern is that WPA-Enterprise with IEEE802.1X implementation is possible in IBSS mode,but do you think is it needed? while two computers are talking each other in IBSS mode.There may be users sharing their working directory or some files and they never going access https site,such as ONLINE BANKING,SHARE TRADING etc.

If we implement WPA-Enterprise in IBSS mode,all STA's should act as SERVER,Authenticator,STA.

Any how if you start working on WPA-Enterprise in IBSS mode,i join my hands with you guys.

Thanks
Ambedkar.R

On Tue, 27 Nov 2007 Nicolas Pichon wrote :
>Hi all,
>
>Although RSN associations (aka WPA2) are described for IBSS networks in
>IEEE 802.11i norm, there is currently no implementation of this feature.
>As a matter of fact, the only security mechanism available in IBSS mode
>is WEP, which is too weak.
>
>I'm currently working on a future implementation of 802.11i for IBSS
>mode, and after having read and understood most of 802.11i norm parts
>concerning IBSS, I'd like to submit my thoughts and choices, in order to
>get any feedback from the list. I also have several questions to ask.
>
>
>In a first time, my goal is to have an initial implementation with only
>a subset of the features described in the norm.
>
>What I plan to have is :
>   - WPA2-PSK mode
>   - CCMP (AES encryption)
>   - Beacons and Probe Response generation
>What features I don't plan to include in initial implementation :
>   - 802.1X authentication
>   - TKIP
>   - Open System Authentication (optional in IBSS mode)
>   - Group Key Renewal
>
>I think this should be enough in order to have 2 STAs talking inside a
>secure link.
>
>
>To make developments and tests, I have many x86 and ixp425 based systems
>with Atheros chips running madwifi driver.
>
>
>Currently we have 2 components to manage an RSN association :
>   - hostapd on AP side which assumes the role of Authenticator
>   - wpa_supplicant on Client site which assumes the role of supplicant
>
>In an IBSS network, each STA has an Authenticator AND a Supplicant. So
>we have to have a component which can assume both roles. There are two
>solutions that come in my mind. Should we :
>   - integrate needed code from one component to the other ? Which
>component should integrate the other ?
>   - create a new component which include parts of source code from both
>hostapd and wpa_supplicant (I think it's a better way to do). How could
>we name this new component (a thing like "wpa2_ibss") ?
>
>
>I've made a checkout of current GIT repository, and started reading
>Doxygen generated Reference Manual, but I'm not familiar with
>hostap/wpa_supplicant code. So any help on understanding it, where to
>start work, or any pointer to additional information source are welcomed.
>
>I already have three guys ready to bring some help or contribute (Jouni
>Malinen, Benoit Papillault and Michael Taylor), but of course anyone
>interested in giving help is also welcomed. We could use this list to
>coordinate work for this project.
>
>One more question : where should development take place ?
>
>
>Thanks for reading this,
>
>Nicolas Pichon.
>
>
>
>
>_______________________________________________
>HostAP mailing list
>HostAP at shmoo.com
>http://lists.shmoo.com/mailman/listinfo/hostap
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20071128/907df575/attachment.htm 



More information about the Hostap mailing list